Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e06c48c by Salvatore Bonaccorso at 2025-06-24T07:48:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,9 +8,9 @@ CVE-2025-6545 (Improper Input Validation vulnerability in 
pbkdf2 allows Signatur
        NOTE: Introduced by: 
https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078
 (v3.0.10)
        NOTE: Fixed by: 
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb
 (v3.1.3)
 CVE-2025-6518 (A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It 
has be ...)
-       TODO: check
+       NOT-FOR-US: PySpur-Dev pyspur
 CVE-2025-6517 (A vulnerability was found in Dromara MaxKey up to 4.1.7 and 
classified ...)
-       TODO: check
+       NOT-FOR-US: Dromara MaxKey
 CVE-2025-6516 (A vulnerability has been found in HDF5 up to 1.14.6 and 
classified as  ...)
        - hdf5 <unfixed>
        NOTE: https://github.com/HDFGroup/hdf5/issues/5581
@@ -23,7 +23,7 @@ CVE-2025-6511 (A vulnerability classified as critical has 
been found in Netgear
 CVE-2025-6510 (A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. 
It has b ...)
        NOT-FOR-US: Netgear
 CVE-2025-6509 (A vulnerability was found in seaswalker spring-analysis up to 
4379cce8 ...)
-       TODO: check
+       NOT-FOR-US: seaswalker spring-analysis
 CVE-2025-52969 (ClickHouse 25.7.1.557 allows low-privileged users to execute 
shell com ...)
        TODO: check
 CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests 
containing SameS ...)
@@ -42,11 +42,11 @@ CVE-2025-52936 (Improper Link Resolution Before File Access 
('Link Following') v
 CVE-2025-52935 (Integer Overflow or Wraparound vulnerability in dragonflydb 
dragonfly  ...)
        TODO: check
 CVE-2025-52922 (Innoshop through 0.4.1 allows directory traversal via 
FileManager API  ...)
-       TODO: check
+       NOT-FOR-US: Innoshop
 CVE-2025-52921 (In Innoshop through 0.4.1, an authenticated attacker could 
exploit the ...)
-       TODO: check
+       NOT-FOR-US: Innoshop
 CVE-2025-52920 (Innoshop through 0.4.1 allows Insecure Direct Object Reference 
(IDOR)  ...)
-       TODO: check
+       NOT-FOR-US: Innoshop
 CVE-2025-52879 (In JetBrains TeamCity before 2025.03.3 reflected XSS in the 
NPM Regist ...)
        NOT-FOR-US: JetBrains
 CVE-2025-52878 (In JetBrains TeamCity before 2025.03.3 usernames were exposed 
to the u ...)
@@ -64,51 +64,51 @@ CVE-2025-50349 (PHPGurukul Pre-School Enrollment System 
Project V1.0 is vulnerab
 CVE-2025-50348 (PHPGurukul Pre-School Enrollment System Project V1.0 is 
vulnerable to  ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-49574 (Quarkus is a Cloud Native, (Linux) Container First framework 
for writi ...)
-       TODO: check
+       NOT-FOR-US: Quarkus
 CVE-2025-49144 (Notepad++ is a free and open-source source code editor. In 
versions 8. ...)
-       TODO: check
+       NOT-FOR-US: Notepad++
 CVE-2025-49126 (Visionatrix is an AI Media processing tool using ComfyUI. In 
versions  ...)
        TODO: check
 CVE-2025-48700 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 
and 9.0 a ...)
        NOT-FOR-US: Zimbra
 CVE-2025-48026 (A vulnerability in the WebApl component of Mitel OpenScape 
Xpressions  ...)
-       TODO: check
+       NOT-FOR-US: Mitel
 CVE-2025-46101 (SQL Injection vulnerability in Beakon Software Beakon Learning 
Managem ...)
-       TODO: check
+       NOT-FOR-US: Beakon Software Beakon Learning Management System
 CVE-2025-44528 (An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX 
CC26XX SDK ...)
-       TODO: check
+       NOT-FOR-US: Texas Instruments
 CVE-2025-2172 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 
8.0.0 fa ...)
-       TODO: check
+       NOT-FOR-US: Aviatrix Controller
 CVE-2025-2171 (Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 
8.0.0 do ...)
-       TODO: check
+       NOT-FOR-US: Aviatrix Controller
 CVE-2025-27387 (OPPO Clone Phone uses a weak password WiFi hotspot to transfer 
files,  ...)
-       TODO: check
+       NOT-FOR-US: Oppo
 CVE-2025-23049 (Meridian Technique Materialise OrthoView through 7.5.1 allows 
OS Comma ...)
-       TODO: check
+       NOT-FOR-US: Meridian Technique Materialise OrthoView
 CVE-2024-45347 (An unauthorized access vulnerability exists in the Xiaomi Mi 
Connect S ...)
        NOT-FOR-US: Xiaomi
 CVE-2024-3511 (An incorrect authorization vulnerability exists in multiple 
WSO2 produ ...)
        NOT-FOR-US: WSO2
 CVE-2023-50450 (An issue was discovered in Sensopart VISOR Vision Sensors 
before 2.10. ...)
-       TODO: check
+       NOT-FOR-US: Sensopart VISOR
 CVE-2023-48978 (An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: NCR ITM Web terminal
 CVE-2023-47298 (An issue in NCR Terminal Handler 1.5.1 allows a low-level 
privileged a ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47297 (A settings manipulation vulnerability in NCR Terminal Handler 
v1.5.1 a ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47295 (A CSV injection vulnerability in NCR Terminal Handler v1.5.1 
allows at ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47294 (An issue in NCR Terminal Handler v1.5.1 allows low-level 
privileged au ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47032 (Password Vulnerability in NCR Terminal Handler v.1.5.1 allows 
a remote ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47031 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47030 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2023-47029 (An issue in NCR Terminal Handler v.1.5.1 allows a remote 
attacker to e ...)
-       TODO: check
+       NOT-FOR-US: NCR Terminal Handler
 CVE-2021-47688 (In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with 
local acces ...)
        TODO: check
 CVE-2025-6503 (A vulnerability was found in code-projects Inventory Management 
System ...)
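
Review bot: The NOT-FOR-US labels added in this hunk are inconsistent in casing and granularity. CVE-2025-27387 is tagged "Oppo" while its own description spells the vendor "OPPO". Some new entries name only the vendor ("Mitel", "Texas Instruments"), while others name vendor plus product ("Aviatrix Controller", "NCR Terminal Handler", "Beakon Software Beakon Learning Management System"). The unchanged entries in the same hunk use the vendor alone ("PHPGurukul", "Zimbra", "Xiaomi", "WSO2"). Consider settling on one form per vendor, for example "NOT-FOR-US: OPPO" and "NOT-FOR-US: NCR", so that a search of the list for a vendor name finds every entry for it.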



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e06c48c046730fce97cca1712bf78167fe48465



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
